Zühlke – Empowering Ideas

Cyber Security Solutions

Cybersecurity

As society embraces digitalization, cyberattacks pose a major threat to business continuity and personal safety. At Zühlke, we develop reliable technical solutions and sustainable practices to protect critical assets and to ensure data privacy. Our strong security competence enables sustainable digital innovation and adequate cyber resilience in a data-driven economy.

 

Protecting your critical assets with strong Cybersecurity and Data Privacy

Our society is under attack. In a recent study, nearly 90% of surveyed healthcare organizations had experienced a data breach within two years. One in every three financial services was affected by ransomware in 2021. As companies take more than 200 days on average to identify and contain a data breach, the average cost increases to more than 4 million USD. Overall, digital transformation, despite all its merits, has left many businesses unprepared for new threats while chipping away at the trust of end users.

The current threat landscape proves that we need solid cybersecurity maturity. For example, COVID certificate apps that ensure the secure handling of user data will help gain the trust of users and thus help prevent future waves of the pandemic. Additionally, critical infrastructures such as power grids or water supplies require enhanced security to face the increasing threats from cybercrime and ransomware. 

At Zühlke, we believe that cyber security is not just a matter of having a few experts in place. Instead, we believe that cybersecurity should be a holistic approach that involves technical solutions, effective governance, and company culture. With our comprehensive understanding of cybersecurity, our experts help protect your digital assets and ensure that your products are trustworthy. 


Security Engineering

Insecure products are a common entry point to critical systems, as evidenced by incidents such as the SolarWinds attack. Our security engineering expertise prepares your product development against threats from the beginning. By designing security early and thoughtfully, we create products with sustainable security postures.

Built-in Security in Your Projects

We follow industry best practices to ensure that security is an integral part of quality in your engineering projects. 

For a Swiss MedTech company that develops an embedded IoT product for asset monitoring, we perform continuous threat modeling to identify potential security risks and develop mitigations to protect the integrity of the data flow. 

DevSecOps Automation

In digital innovation, we believe that security should not be a burden for engineers. Following DevOps practices, we automate most of the security checks to help your teams focus on the business logic. 

For a Swiss finance institution’s R&D department, we develop a modern DevSecOps platform with automated security testing, logging, and vulnerability alerting mechanisms. By integrating processes directly into CI/CD pipelines, we ensure a streamlined adoption of best practices in secure software development.

Identity Access Management and PKI

Identity theft and phishing attacks cause significant losses for users and enterprises. We provide your web and IoT applications with industry experience in implementing strong authentication, authorization, and public-key infrastructures. 

For a Swiss insurance company, we help develop a self-service customer platform that integrates modern identity access management using the OpenID Connect and OAuth2 standards. This solution provides the client with a competitive edge and a simplified customer service process.

Applied Cryptography

Critical systems and network infrastructure demand high guarantees and confidence in the robustness of security protocols and mechanisms. 

For a leading Swiss finance institution that develops and operates a modern network communication protocol, we combine manual security protocol reviews and semi-automated formal methods and tools for protocol verification to find security weaknesses and examine the desired security properties.


Security Consulting

According to 71% of CISOs in a survey, businesses treat security as an impediment to the speed to market. With our broad experience, we believe security should be a smooth and informed process. We offer consulting services to help businesses identify potential security pitfalls and address them early and in a pragmatic way.

Ensuring Product Security and Time to Market

Security is rarely an explicit requirement in traditional product development, but it has become a critical quality factor that is hard to get right and often delays time to market. With our engineering background, we help define pragmatic product security practices that effectively improve the security of products throughout your entire organization. 

For various companies, we regularly assess and assist in improving their security development maturity based on relevant market standards from ISO, IEC, NIST, MDCG, and many more. 

Threat Modeling

We live the principle of “security by design” and analyze the threat landscape of any system from its inception. Security analyses at an early stage enable stakeholders to holistically assess risks and avoid unwanted surprises.

For a Swiss instrument manufacturer, we perform continuous threat modeling to determine necessary security mitigations and support their development based on actual business needs.

Security Development Lifecycle

We believe in the power of “shift left” security in digital product development to anticipate cyber threats, avoid security technical debt, and achieve high security assurance in an effective and sustainable way. 

For a Swiss transportation company, we develop agile software development practices to facilitate their adoption of cybersecurity from business case ideation to product field operation.


Security Assessments

Looking for a second opinion on your security design choices? We are passionate about understanding the details and sharing our solid knowledge of information security fundamentals and our broad project experience. Our security experts assist in identifying security gaps and providing valuable insights for improvement.

Code and Architecture Review

We offer reviews on product security designs and source code to help you build security from the ground up. Our actionable insights effect positive change on various levels, including missing security threats, architecture weaknesses, code hygiene, and state-of-the-art security mechanisms.

For a blockchain company in the Swiss Crypto Valley, we perform regular in-depth analyses of its cryptographic protocol implementations and report on its security weaknesses along with suggested improvements. 

Penetration Testing

While Zühlke is proficient in building secure solutions, our engineers also have a hacker mindset. We offer penetration testing services to identify a system’s security weaknesses, allowing product development to implement strong security measures in a prioritized and pragmatic way. 

For a Swiss healthcare organization, we conduct multiple penetration tests on their web and mobile applications. Our findings on their security weaknesses help them implement the necessary mitigations. 

Red Teaming

We evaluate your overall cybersecurity readiness by acting as a red team that strategically identifies and exploits your organization’s vulnerabilities. By applying a range of advanced techniques used by attackers, such as social engineering and spear-phishing, we help you spot weak links in your company’s operations and increase your ability to react accordingly. 

For a Swiss manufacturing company, we performed red teaming for several months and provided insights, which led to the development and improvement of security measures for sustainable cyber resilience.


Governance, Risk Management, and Compliance

Despite the rising threat of ransomware, a recent poll shows that only one in three executives is prepared to handle it. We believe that cyber threats should be a core part of governance and risk management. With our experience in industry governance standards, we help companies implement effective management processes to ensure security in their day-to-day operations.

Risk and Project Management

Our project management incorporates risks from all aspects and places emphasis on cybersecurity for critical IT applications. We ensure that projects develop smoothly with pragmatic consideration of security processes, hardening, and data protection. Transparent communication enables stakeholders of different technical altitudes to consistently reach milestones while keeping cyber risks in check. 

For a larger infrastructure project in the Swiss mountains, we provide project management combined with technical assessments and risk management for a multitude of suppliers and operators.

Standard Compliance

Market demand is driving enterprises to fulfill requirements from established regulations and standards such as GDPR and ISO 27001. We provide the technical depth and the project management expertise to navigate businesses through the multitude of industry-specific regulations. 

For a Swiss retail company, we provide consulting services on Information Security Management Systems (ISMS) to help it prepare for and successfully achieve ISO 27001 certification. Furthermore, we support a Swiss canton in setting up an ISMS while taking into account the various requirements of the many stakeholders involved.


Awareness and Technical Training

Your employees are the strongest defense against attacks, as research showed that up to 99% of malware attacks require human interaction. As domain experts, we enjoy sharing our insights on cybersecurity trends and engaging a larger audience. We offer tailored training programs to help scale up security awareness throughout your organization.

SecurEd: More Resistance to Cyberattacks

We offer an awareness training platform that helps your organization prepare your employees for the next attack by understanding attack patterns and learning best practices in a gamification-based way. 

The SecurEd training platform is successfully used by companies in the finance and insurance sector to effectively increase their employees’ security awareness. 

Find out more at https://www.scrd.ch/ 


Product Security Development Training and Workshops

We frequently share our security expertise and project experience with tech experts. Based on your needs, we offer tailored workshops and provide the necessary training with industry experts on a wide range of security topics. This is how we enable companies to take effective ownership of cybersecurity throughout product development. 

For software developers, we regularly offer web security workshops on common attacks and defenses in web applications. For a Swiss industry company, we provide training on security development lifecycle and DevSecOps based on standards such as IEC 62443.


Strategic Partnerships

To complement our services, Zühlke has established partnerships with start-ups as well as with established cybersecurity service providers and solution vendors, ranging from blockchain to in-depth security testing tools. Based on your unique business profile, we team up with our partners to deliver a suite of comprehensive solutions that work in harmony to suit your needs.

Do you have general questions about Cyber Security?

Please have a look at our FAQ page, where you will find answers to frequently asked questions on the subject of Cyber Security.

Contact person for Switzerland

Dr. Raphael Reischuk

Head of Cybersecurity & Partner

Raphael Reischuk is the author of numerous scientific publications in various areas of IT security and cryptography, many of which have received awards. BILANZ and Handelszeitung listed him among the Top 100 Digital Shapers in Switzerland in 2021.

Reischuk is a member of multiple international programme committees for IT security and Vice-President of the Cybersecurity Committee at digitalswitzerland. He is also the co-founder and a board member of the National Test Institute for Cybersecurity (NTC).

In 2017, he joined Zühlke, where he channels the expertise he has gained in various industries into his role as Head of Cybersecurity. As an experienced IT security expert, he is driven by curiosity, innovation, technology, a sense of commitment and a strong business ethos.
